-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy pathapache.txt
294 lines (260 loc) · 10.9 KB
/
apache.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
Install apache
sudo apt-get install apache2
If apache is not working.
sudo apt-get purge apache2 libapache2-mod-php* php*
sudo apt-get remove apache2
sudo apt-get install apache2
sudo apt-get install php7.0 libapache2-mod-php7.0
sudo /etc/init.d/apache2 restart
Inside vagrant
[vagrant up]
[vagrant ssh]
sudo apt-get install apache2
Verify apache is installed and running
ps -ef | grep apache | grep -v grep
Server directory
DocumentRoot /var/www
Access log is at following location, normally.
/var/log/apache2/
access.log
error.log
Log Format
LogFormat "%h %l %u %t \"%r\" %>s %b" [nickname]
%h Remote hostname or IP address
%l Remote log name
%u Remote user if the request is authenticated
%t Date and time when the request was received
%r First line of request to the server
%>s Final status of the request
%b Size of the response [bytes]
If there's following error:
Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
It's just a warning. In order to remove it add following line to /etc/apache2/apache2.conf
ServerName localhost
Adding Virtualhost
If we want to make a website www.ghummantech.com [inside vagrant]
1) Create a directory at /var/www/ghummantech (no html dir exists) and add following content to ghummantech/index.html
<html>
<body>
<p>ghummantech created.<p>
</body>
</html>
2) sudo vim /etc/apache2/sites-available/ghummantech.conf
(minimum)
<VirtualHost *:80>
DocumentRoot /var/www/ghummantech
ServerName www.ghummantech.com
</VirtualHost>
(full version)
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/ghummantech
ServerName www.ghummantech.com
ServerAlias www.ghummantech.org ghummantech.com
ErrorLog /var/www/ghummantech/error.log
LogFormat "%v %l %u %t \"%r\" %>s %b" myvhost
CustomLog /var/www/ghummantech/access.log myvhost
</VirtualHost>
3)
cd /etc/apache2/sites-available/
sudo a2ensite /etc/apache2/sites-available/ghummantech.conf
4) sudo vim /etc/hosts. Add following
127.0.0.1 www.ghummantech.com
127.0.0.1 ghummantech.com
5) sudo service apache2 restart (sudo systemctl restart apache)
NOTES:
a) On my linux laptop, I saw that if you put 'VirtualHost' paragraph inside a seperate file like /etc/apache/sites-available/ghummantech.conf, it doesn't work. I need to add VirtualHost paragraph inside 000-default.conf file. I put new paragrah in the beginning.
b) Without putting names of websites with server address inside /etc/hosts, none of the redirection method worked.
Redirection can be done using one of the following techniques, maybe even more.
i) Inside VirtualHost use ServerAlias www.ghummantech.org ghummantech.com (also in /etc/hosts add: 192.168.33.88 www.ghummantech.org ghummantech.com)
ii) It didn't work using curl, but worked on firefox
<VirtualHost *:80>
Servername 54borden.com
RedirectMatch permanent ^/(.*) http://www.54borden.com/$1
</VirtualHost>
iii) sudo ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/
Inside 000-default.conf add following inside VirtualHost
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#####################################################################
# Self Signed/Certificate Signing Request
# SSL (Secure Sockets Layer)
#####################################################################
1) Enable SSL module
a2enmod ssl
2) Create key and certificates
mkdir -p /etc/apache2/ssl-certs
openssl req -x509 -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl-certs/apache.key -out /etc/apache2/ssl-certs/apache.out
3) Configure 000-defulat-site
<VirtualHost *:443>
ServerName www.mynewsite.com
DocumentRoot /var/www/mynewsite.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl-certs/apache.out
SSLCertificateKeyFile /etc/apache2/ssl-certs/apache.key
<VirtualHost>
#######################################################################
# My understanding about Apache in ubuntu
#######################################################################
Virtual host is needed when you want to host more than one site.
It can be name-based or ip-based or both.
Name-Based:
one website 'business.example.com' hosted at say '/vhost/business.example.com' and other website 'sales.example.com' hosted at say '/vhost/sales.example.com'. Inside /etc/hosts all www.business.example.com, business.example.com, www.sales.example.com and sales.example.com are refering to one ip address which is also localhost/eth0/eth1 ip address, meaning original website /var/www/html will also be hosted using the same ip adress.
Go to /etc/apache/sites-enabled/000-default and at the end of the file add following lines
<VirtualHost *:80>
ServerName www.business.example.com
ServerAlias www.business.example.com business.example.com
DocumentRoot /vhost/business.example.com/
</VirtualHost>
<VirtualHost *:80>
ServerName www.sales.example.com
ServerAlias www.sales.example.com sales.example.com
DocumentRoot /vhost/sales.example.com/
</VirtualHost>
To access with SSL like https://www.business.example.com, after doing above step, do following
1)
cd /etc/apache2/mods-available
sudo a2enmod ssl
2)
sudo ln -s /etc/apache2/site-available/default-ssl /etc/apache2/sites-enable/ (or just copy it)
sudo vim /etc/apache2/sites-enable/default-ssl
3)
a) After the first line <IfModule mod_ssl.c>
NameVirtualHost 192.168.33.10:443
b) Replace <VirtualHost _default_:443> with <VirtualHost 192.168.33.10:443> (Trying to implement name based virtual host)
c) At the end of the file but before last line </IfModule>, add following
<VirtualHost 192.168.33.10:443>
ServerName www.business.example.com
ServerAlias www.business.example.com business.example.com
DocumentRoot /vhost/business.example.com/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
<VirtualHost 192.168.33.10:443>
ServerName www.sales.example.com
ServerAlias www.sales.example.com sales.example.com
DocumentRoot /vhost/sales.example.com/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
IP-Based And/Or Both
IP based means assign a seperate ip address to every domain (name based virtual host). It's the recommended way to implement SSL. As SSL has issues (though it kind of works in above example) when multiple sites are referring to same ip address. Assign ip addresses using following commands.
sudo ip addr add 192.168.33.88/24 dev eth1
sudo ip addr add 192.168.33.89/24 dev eth1
Update /etc/hosts for different websites
Edit 000-default as follows
<VirtualHost 192.168.33.88:80>
ServerName www.business.example.com
ServerAlias www.business.example.com business.example.com
DocumentRoot /vhost/business.example.com/
</VirtualHost>
<VirtualHost 192.168.33.89:80>
ServerName www.sales.example.com
ServerAlias www.sales.example.com sales.example.com
DocumentRoot /vhost/sales.example.com/
</VirtualHost>
In default-ssl there's no need for line 'NameVirtualHost 192.168.33.10:443' as every VirtualHost is going to have a seperate ip address. Original one can stay as <VitualHost _default_:443>. And add the folloing.
<VirtualHost 192.168.33.88:443>
ServerName www.business.example.com
ServerAlias www.business.example.com business.example.com
DocumentRoot /vhost/business.example.com/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
<VirtualHost 192.168.33.89:443>
ServerName www.sales.example.com
ServerAlias www.sales.example.com sales.example.com
DocumentRoot /vhost/sales.example.com/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
#################################################################
# Password Protected Sub Directory
#################################################################
Inside 000-default or default-ssl(for https) or create new file '/etc/apache2/sites-enabled/secure-dir.conf'(manual recommends it), and add following insdie VirtualHost Directory for desired website. If created new file and added independently I think I will look for secure directory inside /var/www/html(default website)
<Location /secure/>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile secure.users
Require valid-user
</Location>
Then to create username/password/file go to /etc/apache2 and use following
htpasswd -c secure.users ghumman
#################################################################
# Advanced Settings
#################################################################
1) cgi
(common gateway interface)
when user says www.54borden.com/scripts/foo.cgi?, run a script /new-cgi/foo.cgi
it involves two steps. Route from script to new-cgi and then run the script
Add following to 000-default.conf
ScriptAlias /scripts/ /new-cgi/
<Directory /new-cgi/>
Require all granted
</Directory>
Content of /new-cgi/foo.cgi, it should be executable (chmod +x /new-cgi/foo.cgi)
#!/bin/bash
echo -e "\n"
echo -e "Content-type: text/plain\n\n"
echo -e "File is $1\n"
# Enable cgi module
a2enmod cgi
#To test
w3m http://54borden.com/scripts/foo.cgi?bar
2) rewrite
Redirect http://54borden.com/foo/.* to http://54borden.com/scripts/foo.cgi?.*
Add following to 000-default.conf
RewriteEngine on
RewriteOptions inherit
RewriteRule ^/foo/(.*) /scripts/foo.cgi?$1 [L,PT]
#Enable rewrite
a2enmod rewrite
#Test
w3m www.54borden.com/foo/bar
3) status
Show status at www.54borden.com/server-status
Add following to 000-default.conf
<Location /server-status/>
SetHandler server-status
Require ip 192.168.33.0/24 ::1 127.
</Location>
#Enable status
a2enmod status (default is enabled)
#Test
w3m www.54borden.com/server-status/
4) include
Include/Read/Redirect html files inside html file
#Add following to 000-default.conf
<Location /magic/>
Options +Includes
XBitHack on
</Location>
#Enable include
a2enmod include
#Create following files
/ipvhost/www.54borden.com/magic/index.html
"
<html>
<head>
<title>This file is a magic include file</title>
</head>
<body>
<h1>This file is a magic include file</h1>
<h2>Foo include below</h2>
<!--#include virtual="includes/foo.html"-->
<h2>Bar include below</h2>
<!--#include virtual="includes/bar.html"-->
</body>
</html>
"
/ipvhost/www.54borden.com/magic/includes/foo.html
this is foo file
/ipvhost/www.54borden.com/magic/includes/bar.html
this is bar file
#Test
w3m www.54borden.com/magic/index.html